How to remove $REJHZQT.exe

$REJHZQT.exe

The module $REJHZQT.exe has been detected as Risk.CoinMiner

$REJHZQT.exe
Remove $REJHZQT.exe

File Details

Product Name:

XMRig
Company Name:

www.xmrig.com
MD5: 74fd756f362065d3207a082d2597ff7d
Size: 8 MB
First Published: 2018-04-23 17:03:25 (7 years ago)
Latest Published: 2022-08-25 23:15:16 (2 years ago)
Status: Risk.CoinMiner (on last analysis)
Analysis Date: 2022-08-25 23:15:16 (2 years ago)

Common Places:

%temp%
%sysdrive%\$recycle.bin
%desktop%
%programfiles%\worldmining miner\bin
%appdata%\wmminer112\bin
%commonappdata%
%sysdrive%\-min-\ryoguiwallet
%sysdrive%\download
%sysdrive%\$recycle.bin\s-1-5-21-3080827938-3296939128-2226686850-1000
%sysdrive%\minare\wmpool_1.12 (1)\new folder\worldmining miner\bin

File Names:

wupv.exe
$REJHZQT.exe
5 (2).exe
xmrig-nvidia.exe
gpuminer_nvid.exe
$RIU9VG2.exe
$RJ6IDXJ.exe
$RLT5VJM.exe
$RFUYERF.exe

Geography:

41.5%
9.3%
6.9%
6.9%
6.6%
4.5%
4.2%
3.4%
1.6%
1.3%
1.1%
1.1%
1.1%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%

OS Version:

Windows 7 56.8%
Windows 10 35.9%
Windows 8 4.7%
Windows 8.1 2.4%
Windows Embedded 8.1 0.3%

Analysis

Subsystem: Windows CUI
PE Type: pe
OS Bitness: 64
Image Base: 0x0000000140000000
Entry Address: 0x0007181c

PE Sections:

Name Size of data MD5
.text 619008 df0d5a29a4c6fe303f4a84542e947789
.rdata 198656 5b6ac80f4e8f81027b330da383b66ea8
.data 49664 18fb4d0d5349978da0f663bed07455ee
.pdata 28672 c46025c8510c4acd929b10ae56b9eb29
.nv_fatb 7715840 1f17b8b92debb57e7e7066bdcb2e5a1f
.nvFatBi 512 8ec85e6f28ef9fdf0f237f1ebff86872
.gfids 1024 16c38fbd4a3483abaab261e93b5b0f80
.tls 512 1f354d76203061bfdd5a53dae48d5435
.rsrc 23040 7dc328ea987f64e3d93ed4bb523afca2
.reloc 5632 74e370d393b2d2972373b532cd56fb94

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for $REJHZQT.exe
copyright for information about $REJHZQT.exe